Amazon.co.uk
The book is based on the rather shaky premise that you need a thief to catch a thief and so the best way to make sure your network security is up to scratch is to use "real world" hacking techniques to test it. To this end the book covers a wide remit, covering such areas as the hacker psyche, classes of attack, cryptography, buffer overflows, remote attacks, spoofing and viruses. The book is littered with fragments of sample hacking code, backed with URLs for hacking "resources". There is even a line-by-line analysis of the Melissa worm. Unfortunately, while there are plenty of examples of hacking code and tricks, the book is suspiciously light on measures you could take to prevent such attacks.
Overall, the book suffers from a lack of structure, being constructed from a large collection of hacker "nuggets" and this, coupled with the large number of authors, makes Hack Proofing a rather bitty concoction, occasionally lacking coherence.
Whether the book will give you useful insights into tightening security depends on your attitude to "ethical hackers". If you favour the concept, then this book will undoubtedly help you get inside the mind of the hacker and the tools they use. If you don't, then you will view this book as a thinly disguised Hacker's Handbook. --Roger Gann
Amazon.com
Many antihacking texts assume a fair bit of knowledge, but this one doesn't. Ryan Russell and coauthors explain many terms and concepts, such as traffic sniffing, cryptography, and file differentiation ("diffing"), and the tools that evildoers use to wreak havoc on the systems that they attack--complete with Internet addresses from which you can download them. The book walks you through sample attacks, too, such as hijacking a connection by using a tool called Hunt. Overall, this is a fine introductory-to-intermediate antihacking volume that leads well into more current and advanced resources. You might want to supplement it with two other practical computer-security books: Hacking Exposed catalogues many of the tools that bad guys use, while Network Intrusion Detection helps you analyze security logs and spot attacks in progress. --David Wall
Topics covered:
- Modes of attack, and means of defending against them
- Political environment governing software and networking
- Laws and policies springing from that environment
- Approaches to the problem of breaking into systems or denying their services to legitimate users
- Spoofing
- Sniffing
- Transmission interception
- Several other popular tactics
Short Description
IT professionals need to keep their own systems secure. This book shows them how to make a meaningful security assessment of their own system, by thinking like a hacker. The central idea of the book is that it is better for you to find the holes in your network than it is for someone else to find them, someone who would use them against you. Theory is backed up with real-world examples from Unix, Windows and Cisco routers and switches.
Synopsis
From the Publisher
"Ryan Russell has an important message for us all: 'What you don't know *will* hurt you.' In his book, Hack Proofing Your Network: Internet Tradecraft, Ryan reveals the "how to" of systems penetration techniques that intruders may use against you! While "full disclosure" is a two-edged sword, the benefits include forcing software manufacturers to quickly fix security holes and informing potential victims of the vulnerabilities that exist in their infrastructures." --Kevin Mitnick
This book brings together some of the most talented IPSec professionals and prominent grey-hat hackers to tell you how to protect your systems from attack. The focus is on the practical and the objective is to leave you with the know-how and tools to deal with viruses, session hijacking, client holes, spoofing, and more.
Learn from the best: Mudge, advisor to the White House and Congress; Rain Forest Puppy; Elias Levy, BUGTRAQ moderator; Blue Boar, Vuln-Dev moderator; Dan 'Effugas' Kaminsky, Advanced Network Services division, Cisco Systems; Oliver Friedrichs, Co-founder, SecurityFocus.com; Riley "Caezar" Eller, Senior Security Engineer, Internet Security Advisors; Greg Hoglund, Founder, Click To Secure
From the Author
One of the reasons I put this book project together is that I believe security professionals should be hackers. In this case, by hackers, I mean people who are capable of defeating security measures. This book purports to teach people how to be hackers. In reality, most of the people who buy this book will do so because they want to protect their own systems and those of their employer. So, how can you prevent break-ins to your system if you don't know how they are accomplished? How do you test your security measures? How do you make a judgement about how secure a new system is?
When you're through reading Hack Proofing Your Network, you'll understand terms like 'smashing the stack,' 'blind spoofing,' 'building a backward bridge,' 'steganography,' 'buffer overflow' and you'll see why you need to worry about them. You will learn how to protect your servers from attacks by using a 5-step approach:
1. Planning
2. Network/Machine Recon
3. Research/Develop
4. Execute Attack and Achieve Goal
5. Cleanup
And you'll understand the theory of hacking, how to fend off local and remote attacks, and how to report and evaluate security problems.
The Only Way to Stop a Hacker Is to Think Like One.
---Ryan Russell, Hack Proofing Your Network
About the Author
Stace Cunningham, CLSE, COS/2E, CLSI, COS/2I, and CLSA, is a security consultant. He has helped many clients, including a casino, develop and implement network security plans.
Contributors include Mudge, Rain Forest Puppy (RFP), Blue Boar, Dan 'Effugas' Kaminsky, Oliver Friedrichs, Riley "Caezar" Eller and others.
Syngress Media is an independent publisher of print and electronic reference materials for Information Technology professionals seeking skill enhancement and career advancement. Distributed throughout Europe, Asia, South America, and the U.S., Syngress Media titles have been translated into six languages and have sold more than 1,500,000 copies in the last two years. The Company's pioneering customer support program, solutions@syngress.com, extends the value of every Syngress title with regular information updates and customer-driven author forums. Syngress Media has also established strategic alliances with Global Knowledge, one of the world's largest information technology education companies, and Callisma, the premier network services provider of Cisco convergence technology.